[tor-relays] Debian relay Puppet module

Alexander Fortin alexander.fortin at gmail.com
Wed Jun 18 17:49:23 UTC 2014


On 18 June 2014 at 16:26:38, Zack Weinberg (zackw at cmu.edu) wrote:
> Best practice as I understand it is that you should have an exit
> notice on all exit relays. What I'm not sure of is whether "DirPort
> 80 + DirPortFrontPage" is the recommended way to accomplish that. The
> CMU Tor exit uses a separate lighttpd install, I think primarily
> because we didn't know about DirPortFrontPage when we set it up. I
> can make a case either way - less software = less attack surface;
> separate install = compartmentalization.

I understand the 'less software' benefit; I'm currently reading https://en.wikipedia.org/wiki/Compartmentalization_(information_security) but I'm still not sure if I correctly understand the reference to 'compartmentalization' in this case.

> As long as we're talking about exits, a nice touch would be to include
> the reduced exit policy as an option (
> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy );
> the ideal would be a three-way choice of not an exit / wide-open exit
> / reduced exit (no email or BitTorrent) plus a place to add local exit
> rules.

Yes, makes sense, and should not be too complex to implement. I'll try to add this and get back here for some review. Thanks for the feedback.

--  
Alexander Fortin
http://about.me/alexanderfortin
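
The three-way exit choice with local rules, and the "DirPort 80 + DirPortFrontPage" notice, sketched as an added example that is not part of the original message or of the Puppet module. The function names, the abbreviated reduced-policy list and the notice path used in testing are assumptions made for illustration.

```python
# Added illustration: not code from the Puppet module discussed in this thread.
import re

# Abbreviated, constructed stand-in for the reduced exit policy; the full
# port list is on the ReducedExitPolicy wiki page linked in the thread.
REDUCED_SAMPLE = ["accept *:53", "accept *:80", "accept *:443"]

PRESETS = {
    "none": ["reject *:*"],                      # not an exit
    "open": ["accept *:*"],                      # wide-open exit
    "reduced": REDUCED_SAMPLE + ["reject *:*"],  # reduced exit
}

# action, address (* / IPv4 / IPv4 with mask), port (* / N / N-M)
_RULE = re.compile(
    r"(accept|reject) (\*|\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?):(\*|\d{1,5}(-\d{1,5})?)"
)


def exit_policy_lines(mode, local_rules=()):
    """Return torrc ExitPolicy lines: local rules first, then the preset."""
    if mode not in PRESETS:
        raise ValueError(f"unknown exit mode: {mode!r}")
    for rule in local_rules:
        # fullmatch also rejects embedded newlines, so a local rule cannot
        # smuggle an extra directive into the generated torrc.
        if not _RULE.fullmatch(rule):
            raise ValueError(f"malformed exit rule: {rule!r}")
    if mode == "none" and any(r.startswith("accept") for r in local_rules):
        # Tor applies the first matching rule, so an accept placed before
        # "reject *:*" would quietly turn a non-exit relay into an exit.
        raise ValueError("accept rule given for a non-exit relay")
    return [f"ExitPolicy {r}" for r in list(local_rules) + PRESETS[mode]]


def render_torrc(mode, local_rules=(), notice_path=None):
    """Render the exit-related torrc fragment, optionally with an exit notice."""
    lines = []
    if notice_path is not None:
        if "\n" in notice_path or "\r" in notice_path:
            raise ValueError("notice path must be a single line")
        # The "DirPort 80 + DirPortFrontPage" approach from the thread.
        lines += ["DirPort 80", f"DirPortFrontPage {notice_path}"]
    return "\n".join(lines + exit_policy_lines(mode, local_rules)) + "\n"
```

Local rules are emitted ahead of the preset because Tor evaluates exit policy lines in order and stops at the first match.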

